THE GRILL: Google enterprise product guru Matthew Glotzbach answers the question: What's so good about cloud computing? page 20
Recent thefts of card data during electronic transmission raise questions about the PCI security standard's effectiveness.

IT  executives  are  in  a 
battle  for  control  as 
business  units  again 
demand  to  make 
purchasing  decisions 
on  their  own. 


‘XP  Lite'  could  be  a 
smart  mobile  strategy 
for  Microsoft. 

Your  information 
security  squad  is 
much  bigger  than 
you  think. 


What’s  the  single 
most  important  IT 
skill?  The  answer  may 
surprise  you. 


SaaS 

offers  a  cure  for 
boring  IT  applications. 


Cost and reliability concerns are keeping storage buyers away from solid-state technology. | An overflow of petitions requires a lottery to determine the 2009 H-1B visa winners.

12 Analysts warn that IT managers must prepare for cutbacks now in the face of the declining economy. | IBM says its new water-cooled server will blunt IT energy concerns.

14 Apple's decision to push its Safari browser to incautious PC users as part of an iTunes and QuickTime update has infuriated companies now trying to

■ NEWS ANALYSIS

Hackers Open New Front in Card Data Thefts. Recent thefts of credit and debit card data while in transit between systems are raising questions about whether the PCI security standard is fully equipping companies to fend off cybercrooks.

18 IT Keeps Battling to Maintain Control of Technology. Analysts and users say that busi-

■  OPINIONS  AND  FEATURES 

8 Editor's Note: Don Tennant worries that students are getting the message that companies won't hire new grads, which could cause the pool of homegrown talent to dry up.

18 On the Mark: Mark Hall discovers that SaaS billing services, once unthinkable to CFOs, are already here.

20 The Grill: Matthew Glotzbach, Google's enterprise product guru, talks about the logic of cloud computing, corporate social networking and the advent of true utility computing.

24 Michael Gartenberg customized XP for a tiny laptop, which gave him an idea for Microsoft.

40 Career Watch: A Computerworld Premier 100 IT Leader discusses trust and youth vs. experience.

42 Shark Tank: The network is completely down, but the mystery clears up when a user remembers that, oh yes, he did do one little thing.

44 Frankly Speaking: Frank Hayes suggests that your information security squad should be much bigger than you think.


■ ALSO IN THIS ISSUE

Inside

Five Things Your HR People Should Know. Your human resources group handles - and shares - huge stores of sensitive data. This is a department in need of strict data-retention policies.

Five Things Your Salespeople Should Know. Your top salespeople are closing deals from coast to coast, yet they could be leaving a trail of data behind them. Here's how to make sure they're protecting the company's assets.

Five Things Your Receptionist Should Know. Your receptionist can weaken your company's security by falling for scams or illegally downloading files. Tighten up your front-line defense with targeted training.

Four Things Your Administrative Staff Should Know. Your administrative employees are just one step away from top executives and often have high-level data access. Here's how to keep that data safe.

Three Things Your Facilities Group Should Know. Your facilities managers literally hold the keys to your company's physical security. With some targeted training and standard practices, your building can be made a whole lot more secure.

Four Things Your Remote Staff Should Know. Your telecommuters and branch workers are out there in the ether - along with your company's equipment and data. Keep their unique security issues front and center.

How to Spot a Spy. Con artists make it their job to extract sensitive corporate intelligence from unsuspecting employees. Here's how to stop them.
battle with the government to protect their patrons' privacy. Columnist Mark Hall asks: How far will you go to defend the privacy of your customers' and employees' personal data?




system is producing enough graduates in technology-related fields. We've all read about the concern that the U.S. is losing its competitive edge because China, India and other countries are educating far more scientists and engineers than we are. But there's plenty of debate over whether that concern is legitimate.

For example, last November, Harold Salzman of

tored into the equation, however, is that a hefty


ts  can  be  met  only  by 
rienced  workers,  just 
s  easy  to  dump  the 


to  get  rid  of  agricultural 
parasites.  Now  if  only  the 
example  of  professionalism 


Don Tennant is editorial director of Computerworld and InfoWorld. Contact

■ LETTERS


You  Never  Forget 
Your  First  Computer 

Gary  Anthes’  comments  about  the 
1401  brought  back  fond  memories 
["Tales  From  the  Crypt:  Our  First 
Computers,"  Computerworld.com, 
March 25]. I started out wiring boards on 407 tab equipment, then moved up to a 1401G (a 4k machine). My first application was a mortgage loan system for 12 banks. I learned a lot about overlays and coding in “actual."

Forty-three years later, I'm still
at  it,  only  now  I  get  to  play  with 
everything  from  embedded  sys¬ 
tems  to  supercomputers.  Having 
experienced  working  so  intimately 
with  the  hardware  at  the  begin¬ 
ning  still  provides  valuable  insight 
into  what’s  going  on  through  all 
the  layers  of  fog  in  today’s  technol¬ 
ogy.  When  you  think  about  it,  a  cell 
phone  is  now  more  powerful  than 
the  most  powerful  computer  of  not 
that  many  years  ago. 

■ Richard Bender, president, Bender RBT Inc., Queensbury, N.Y., rbender@BenderRBT.com


Let’s  Recognize  How 
Critical  Training  Is 


had  no  way  to  use  the  new  tech¬ 
niques  once  they  returned  to  work. 
A  few  people,  the  ones  who  really 
got  it,  sometimes  left  the  organi¬ 
zation  to  seek  a  place  where  they 
really  could  improve  the  way  they 
worked  and  developed  software. 

Today,  the  fat  training  budgets  are 
gone,  and  so  are  the  days  of  train¬ 
ing  your  own  staff.  Those  of  us  with 
corporate  knowledge  are  cast  aside 
in  favor  of  cheaper  (often  foreign) 
labor that brings some specific technical skill. As for the methods of the past, these newbies just hack away in higher-level languages, but the theme remains the same. The MIPS are cheaper; the people are cheaper;
but  the  quality  of  our  industry  has 
made  little  progress  overall. 

■  Jason  Martin,  consultant, 

St.  Augustine,  Fla., 
CaptJason@aol.com 

‘Touch-Screen  Voting 
Made  Me  Feel  Better’ 

The  key  thing  to  me  when  it  comes 
to  touch-screen  voting  is  that  ask¬ 
ing  voters  if  they  trust  the  machine 
misses  the  point  [“Voters  Trust 
News,


Solid-State  Drives  Still  Not 
Ready  for  IT,  Users  Say 


5  age  technology  may 
offer  some  perfor¬ 
mance  advantages, 
but  for  most  companies,  it 
remains  too  costly  and  un¬ 
reliable  for  data  center  use, 
said  several  attendees  here 
at  last  week's  Storage  Net¬ 
working  World  conference, 
which  was  co-sponsored 
by  Computerworld  and  the 
Storage  Networking  Indus- 

Gregory  Gum,  an  engi- 


MONDAY:  Collaborate  '08,  a  conference  jointly  run  by  three 
Oracle  user  groups,  begins  in  Denver.  Also  starting  today  are 
Microsoft's  MVP  Global  Summit  in  Seattle  and  the  MySQL 
Conference  &  Expo  2008  in  Santa  Clara,  Calif. 


have a performance reason for solid-state drives to make sense," Coulson said. "I
wouldn't  recommend  them 
if  you  care  about  dollars  per 
gigabyte.  [But]  if  you  care 
about  dollars  per  unit  of  per¬ 
formance,  that's  different." 

He  said  solid-state  tech¬ 
nology  is  best  suited  for  ap¬ 
plications  that  require  high 
throughput  and  for  high- 
performance  software  like 
transactional  databases  and 
Web  services. 

Companies that don't need the performance see no need to switch from hard


and  always  will  be.” 

Gum  predicted  that  it  will 
take  at  least  five  years  for 
solid-state  memory  to  be 
widely  deployed. 

Rick  Coulson,  a  senior  fel¬ 
low  at  Intel  Corp.,  warned 
IT  managers  to  be  wary  of 
the  technology.  "You  have  to 




consideration," said Ed Richard, an IT infrastructure engineer at Stiefel Laboratories Inc. "Am I going to put [a solid-state disk] into a SQL database? Absolutely not.”

Richard  is  interested  in 
the  technology's  promise 
of  minimizing  cooling  and 
maintenance  costs  but  said 
its  limited  storage  density 
would  need  to  be  addressed. 

“Our [system capacity] has to scale up to 1 petabyte," he said. “I can't imagine the number of [flash] drives you would need to

Jeffrey Janukowicz, an analyst at IDC, said corporate
users  will  hold  off  on  adopt¬ 
ing  solid-state  storage  until 


Lottery  Will 
Select  H-1B 
Winners 

The U.S. government last week announced that H-1B visas for fiscal 2009 will be issued via lottery, after employers submitted another overflow batch of petitions earlier this month.

U.S. Citizenship and Immigration Services received 163,000 requests for H-1B

quiring the use of a comput-

process. The requests were made to the agency, which is part of the U.S. Department of Homeland Security, during a five-day filing period that started

were 143,000 petitions for 85,000 available visas.

This year, the USCIS will issue 65,000 regular visas and 20,000 more for foreign nationals with advanced d(

The DHS extended from 1
months to 29 the period th
foreign graduates of U.S.

THIBODEAU


IBM Unveils Water-Cooled Supercomputer

IBM  LAST  WEEK  umrtMli  ;  ihan«ircoa«ng-4WliniM  I  hinl*afst«ingtlwmup.But 


The Power 575 supercomputer incorporates the company's new Hydro-Cluster design.

copper pipes that carry cold


than  air  cooftig  -  4  W  thnat 
mora  afftdonL  acconing  to  BM 
-  and  it  alom  tha  company  to 
craffl44a4.7-OHzPo«mt«proc- 
asaor  carat  Into  a  Potnr  575 
rack,  laid  Scott  Handy,  vica 


caoiad  tyitomt  had  fahn 
out  of  iamr  in  meant 
yaambaeauaaoltha 


Kandy  dadlntd  to  say  H  other 
Powar  tystama  wW  uaa  the 

^m  ara  dahnltoly  taybig  M 
waiar  w«  ha  uttd  mom  in  future 
In  tha  data  cantor,' ha  naiad. 

BM  Ptaa  itopradad  Ha  Mgh-and 
air-caoladUnta-batadaupar- 
camputor,  tha  Pnimr  595,  with 

_  anawPoamrSprocataar 

that  nas  at  up  to  5  6Hz. 
Both  it  and  tha  Pmaar  575 

- JAMES NICCOLAI,
IDG NEWS SERVICE



■  NEWS  DIGEST 


BETWEEN  THE  LINES 


By  John  Klossner 


Uninvited  Guest  -  Safari  - 
Hits  Corporate  Networks 

Apple Inc.'s push to offer its Safari Web browser

more potential attack surface is installed in a group of folks that are vulner-

realizing it.

“I  scanned  my  network, 
and  my  inventory  software 
said  I  have  Safari  on  30 
PCs,”  he  said. 

Apple  had  configured  the 
update  so  that  users  who 
clicked  "OK”  on  a  pop-up 
message  would  automati¬ 
cally  install  its  Web  browser 
on  their  PCs.  Most  users 
thought  that  Safari  was 
simply  a  component  of  the 
Apple software they had already installed, Wilson said.

"This is not good; this is a security risk," Wilson said. "We’re a bank."

Wilson  said  it  took  almost 
a  week  to  remove  Safari  from 
his  network  and  to  prevent 


the  third  quarter  of  2008 
in  an  effort  to  cut  costs  and 
return  to  profitability. 

launched its System/360
mainframe line, the first
family  of  computers  that 
could  continue  running 
the  same  software  as  new 


Asustek  Sues  IBM 
In  Patent  Dispute 

TAIPEI  -  Motherboard  maker 
Asustek  Computer  Inc.  earlier 
this  month  filed  a  lawsuit  in 
U.S.  federal  court  charging 
that  IBM  has  infringed  on  two 
of  its  patents. 

The suit was filed four months after the U.S. International Trade Commission


Asustek, which is based here, declined to comment on the lawsuit. IBM officials could not be reached.

Dan Nystedt,
IDG News Service

Microsoft  Expands 
Health  IT  Efforts 

BERLIN - Microsoft Corp. last week announced at the ConhIT health care show here that it has started distributing its Amalga health care software in Europe.

Microsoft bought the soft-


care software makers.

“If it can be proven in wide-scale deployments, Amalga is likely to have strong appeal for European health care providers, particularly those with a mishmash of clinical and departmental systems," Sargeant wrote in a research note.
Jeremy  Kirk, 

IDG  News  Service 

BRIEFLY NOTED
Yahoo Inc. last week agreed to buy almost all of the assets - including Web analytics tools and an R&D operation - of Tensa Kft in Budapest. Terms of the deal, expected to close by mid-2008, were not disclosed.
Linda Rosencrance


■  SECURITY 


Hackers Open
New  Front  in 
Data  Thefts 

Cybercrooks  are  stealing  info  while  it’s 
in  transit  between  systems.  Can  the  PCI 
rules  stop  them?  By  Jaikumar  Vijayan 


K from the data-
It they previously
;ted.
e apparent success

raised their hand and said they were compliant doesn’t necessarily mean they were compliant," Russo said. He

has yet to be detected or patched. Once the attackers get a foothold, they can widely deploy malware that
iff the network for
they’re interested in,

Schwartz said that many companies don’t even monitor those ports, assuming instead that all of the data traffic going out through them is legitimate.


again  on  Feb.  27.  That  was 
the  day  Hannaford  was  first 
made  aware  of  suspicious 
activity  involving  the  credit 
cards  of  its  customers. 

The  PCI  rules  require 
merchants  to  encrypt  sensi¬ 
tive  data  while  it’s  being 
transmitted  across  open 
public  networks  that  attack¬ 
ers  could  easily  use  to  inter¬ 
cept  and  divert  information. 
But  they  aren’t  required  to 
encrypt  payment  card  infor¬ 
mation  while  it’s  in  transit 
on  their  internal  networks. 

Bob  Russo,  general  man¬ 
ager  of  the  PCI  Security 


■ In the wake of the breaches at Hannaford and Okemo, Airline Reporting Corp. is reviewing its networks to make sure they aren’t vulnerable to data-in-transit thefts, says Deven Bhatt, ARC’s director of corporate security.


stage, installing the tools may require a heavy investment of time and effort on

ing data-sniffing tools in an effort to intercept information while it’s being trans-

do point to a new method of attack, said Deven Bhatt, director of corporate security at Airline Reporting Corp. in Arlington, Va. But he added that ARC, which provides ticket distribution and financial settlement services to more than 150 airlines and rail carriers, is reviewing its networks to make sure they aren’t vulnerable to data-in-transit thefts.

ARC’s review was prompted by Okemo’s disclosure
that  its  systems  had  been 
breached  in  a  Hannaford-like 
fashion  and  by  the  reports 


■  MANAGEMENT 


LAS VEGAS

COUNTRIES  MAY 

have  clear  borders, 
but  IT  organizations 
do  not.  IT  manag¬ 
ers  and  analysts  at  Gartner 
Inc.'s  Symposium/ITxpo 
here  last  week  said  that  a 
growing  number  of  IT  units 
are  encountering  new  resis¬ 
tance  in  the  never-ending 
battle  for  control  over  cor¬ 
porate  technology. 

In  recent  years,  IT  depart¬ 
ments  have  expanded  their 
powers  by  overseeing  corpo¬ 
rate  initiatives  to  consolidate 
data  centers  and  to  imple¬ 
ment  virtualization  and  data 
integration  projects. 

Those  efforts  allowed 
IT  to  regain  much  of  the 
authority  that  had  been 
hijacked  by  business  units 
starting  20-plus  years  ago 
with  the  dawn  of  the  PC 
revolution. 

Today,  IT  managers  face 
new  battles  over  who  choos¬ 
es  the  brand  of  cell  phones 
and  PDAs  employees  use. 


IT  Keeps 
Battling  to 
Maintain 
Control  of 
Technology 

Gains are forfeited as business units demand to make purchases on their own. By Patrick Thibodeau

operations for an engineering research group at a

ing person needs is not what engineering needs.” Cen-

your  control,”  he  said. 

Allen  Benson,  an  IT  man¬ 
ager  at  a  retailer  that  he 
asked  not  be  named,  said  his 
company  recently  moved 
control  of  its  cell  phones 
and  mobile  devices  from  the 
purchasing  department  back 
to  the  IT  department. 

Previously,  he  said, 
employees  could  “buy  ev¬ 
erything  and  anything" 
they  wanted  when  it  came 
to  PDAs  and  cell  phones. 
That  policy  led  users  to  re¬ 
quest  that  the  IT  operation 
provide  e-mail  access  on  a 
variety  of  mobile  platforms, 
including  many  that  the 
company  didn’t  support. 

Benson  said  that  IT’s 
decisions  regarding  what 
should  be  under  its  control 
are  based  on  whether  a  par¬ 
ticular  technology  uses  the 
corporate  network. 

On  the  other  hand,  the 
IT  unit  will,  for  example, 
allow  the  engineering  or¬ 
ganization  to  use  advanced 
technologies  that  require  no 


Matthew  Glotzbach 

Google's enterprise product guru talks about the logic of cloud computing, the emergence of corporate social networking and the advent of true utility computing.


Google’s enterprise guy gets it that corporate users need to become more comfortable with “cloud computing" — software services delivered through the Internet — before it will really take off. But he thinks logic is on his side.


What's so good about cloud computing?

Cloud-based applications are just built differently. They’re not thought of as “versions”; there’s a constant
stream  of  updates.  For  a  large  en¬ 
terprise,  from  an  IT  perspective,  it’s 


How else can cloud computing overstep the bounds of traditional software? One

of  the  areas  of  research  at  Google  is 
automated  machine  translation.  What 
you  need  to  do  in  real  time  for  auto¬ 
mated  machine  translation  is  to  call 
up  large  amounts  of  compute  power, 
which  we  have,  and  large  amounts  of 
data,  which  we  have.  Imagine  if  you 
have  a  system  that  can  do  real-time, 
on-the-fly  translation  of  things  like 
e-mail  documents  and  IM  chats.  That’s 
actually  a  feature  [of  Google  Apps]  you 
can  see  on  the  horizon.  If  you  take  a 
traditional  or  PC  or  client/server  type 
[application],  it’s  difficult  to  see  how 
you  would  ever  achieve  that. 

After one year, has Google Apps met the

Continued  on  page  22 



■ THE GRILL | MATTHEW GLOTZBACH


In a rational discussion, it’s pretty easy to believe that our systems are going to be as secure - or, in most cases, more secure - than your average enterprise.


ing  our  applications  organizationally 
aware.  We  can  make  sharing  [within] 
your  company  very  easy  and  straight¬ 
forward.  We  can  put  protections  that 
ensure  you  don’t  share  things  outside. 
There  are  APIs  to  integrate  with  direc¬ 
tory  systems.  Those  types  of  things  are 
important  to  enterprises. 


think  social  networking  is  really  go¬ 
ing  to  find  its  home  in  the  enterprise. 
That’s  not  to  disparage  Facebook  or 
MySpace  or  our  own  [Orkut]  social 
network  initiative,  but  when  you  think 
about  work  and  business,  it’s  all  about 
your  network.  It’s  about  who  you  know 
and  who  you’re  connected  to.  I  think 


in its cross hairs. Are you

I  don’t  wake  up  every  day  thinking 
about  how  am  I  going  to  beat  Mi¬ 
crosoft.  I  think  the  reason  Google  is 
where  it  is  today  is  [that  we]  focus  on 
the  user,  and  everything  else  will  take 
care  of  itself. 

WhyhOooglolMttM'aultadlohottlMiti- 
iMtt  atvs  than  Mieroiaft  t(  al.?  We  had 

no  legacy.  We  weren’t  trying  to  take 
Exchange  and  host  it.  That's  probably 
one  of  the  biggest  challenges  [for]  tra¬ 
ditional  vendors.  They’ve  got  30  years 
of  a  traditional  way  of  doing  things, 
and  it’s  very  hard  to  step  outside  your¬ 
self  and  start  from  scratch. 

What is the future of SaaS? I think
we’re  going  to  move  more  toward  a 
true  utility  model.  Yeah,  there  may  be 
some  connection  charge  you  pay  every 




■  OPINION 

Michael Gartenberg

An  XP  Lite  Could 
Really  Go  Mobile 

I’VE  BEEN  working  with  one  of  the  coolest  ultraportable 
Windows  XP  machines  I  have  ever  used.  It’s  a  shame 
that  most  people  will  never  be  able  to  experience  it. 

The  reason  they  won’t  is  that,  out  of  the  box,  the  Eee 
PC  isn’t  a  Windows  XP  machine.  It  can  become  one,  but  it’s 

not  an  easy  task.  How¬ 
ever,  after  seeing  how 


great  the  Eee  PC  can  be 
after  its  conversion  to  XP, 
I  see  a  big  opportunity 
for  Microsoft. 

First,  though,  let  me 
tell  you  about  the  Eee  PC. 
It’s  a  fairly  limited  device 
from  Asustek  Computer 
that  retails  for  only  $399 
with  512MB  of  RAM  and 
a  lowly  4GB  of  storage. 
Out  of  the  box,  it  has  a 
full  Linux  environment 
based  on  Xandros.  That 
offers  a  lot  of  functional¬ 
ity.  For  example,  revert¬ 
ing  everything  to  a  work¬ 
ing  state  is  a  five-minute 
operation. 

But  that  didn't  cut  it 
for  me.  I  want  Microsoft 
Office, PopCap games
and a Slingbox client.
Thankfully,  Asus  pro- 


comfortably  fit  into  the 
constraints  of  the  Eee 
PC.  Fortunately,  a  free 
tool  called  nLite  came  to 
the  rescue.  NLite  lets  you 
custom-install  XP  with  a 
much  smaller  footprint. 

It’s  not  something  for 
the  faint  of  heart.  It  took 
me  a  lot  of  trial  and  er¬ 
ror  to  build  a  version 
of  XP  with  an  installed 
footprint  of  just  under 
500MB.  (The  install  it¬ 
self  was  clean  and  easy, 
though.)  Next,  I  installed 
the  Asus  drivers  and  a 
reduced  version  of  Of¬ 
fice  2003,  along  with  a 
few  games.  Finally,  with 
a  driver  for  a  USB  3G 
modem  and  a  suite  of 
portable  applications, 

I  was  all  set.  And  I  still 
had  more  than  half  of  the 
4GB  of  space  on  the  Eee 


What I have is a tiny,
easy-to-carry  XP  ma¬ 
chine  that  weighs  a  mere 
2  lb.  and  has  everything 
I  need  when  I’m  on  the 
road  —  and  nothing 
more.  The  machine  boots 
in  less  than  20  seconds 
and  shuts  down  in  10 
(no  need  to  hibernate  or 
suspend).  In  short,  it’s  a 
cheap  yet  powerful  mo¬ 
bile  device  that  has  full 
PC  functionality. 

So,  what’s  missing? 
Well,  it  could  never  be 
my  primary  machine, 
although  it  could  serve 
that  purpose  just  fine  for 
a  student  if  you  added 
a  cheap  monitor  and  a 
USB  keyboard  for  use  in 
a  dorm.  It’s  not  a  media 
powerhouse,  although 
you  can  watch  movies 
and  listen  to  music  off  of 


there.  NLite  isn't  some¬ 
thing  most  users  should 
mess  around  with,  and 
configuring  stuff  for  por¬ 
table  use  isn’t  something 
most  users  will  know 
how  or  want  to  do. 

But  that’s  simple  to  fix, 
if  Microsoft  wanted  to 
take  advantage  of  the  op¬ 
portunity  that  the  Eee  PC 
and  other  ultraportables 
represent.  It  could  make 
a  version  of  XP  opti¬ 
mized  for  small  systems, 
with  a  version  of  Office 
to  match.  It’s  a  wonder 
it  hasn’t  done  just  that. 

XP  runs  everything  out 
there  and  could  even  be 
“skinned”  to  look  like  a 
Vista  family  member. 

The  fact  is,  Vista  is  just 
not  designed  to  work  well 
on  the  vast  majority  of 
ultraportable  computers, 
and  XP  flies  in  compari¬ 
son.  Instead  of  taking  XP 
to  end  of  life,  Microsoft 
needs  to  consider  XP  as 
a  core  mobile  platform 
going  forward  while 
keeping  Windows  Mobile 
reserved  for  phone-based 
devices  that  are  pocket- 
able  or  smaller.  ■ 

Michael Gartenberg is vice president and research director for the personal technology and access and custom research groups at JupiterResearch in
■ SPOTLIGHT SECURITY


Trusting an employee with access to mission-critical or sensitive systems is a risky but unavoidable gamble. Let’s face it: People are wild cards. In fact, let’s take the gambling analogy a step further. Just as casinos thwart cheaters at every table or station on their floors, so, too, can IT officials thwart breaches by customizing secu-

Was it the receptionist, the salesman or the building manager who gave away company secrets? Here’s how to find and stop the leaks

By Jennifer McAdams
director of Network Risk Management LLC in Portland, Ore. Anderson cites a wide range of personnel who pose mighty risks — everyone from security guards to IT workers to higher-level executives with the authority to override security controls.

The people problem continues to grow, since it is now harder to differ-

figure out how to apply security controls to their day-to-day job functions. that will probably never happen, says Anderson.

Roberts rattles off a list of security measures employees are likely to ignore. “Strong password practices are not being applied. The sharing of passwords continues. Good e-mail

at casinos, where the stakes are high. Corporations that have just as much to lose must constantly communicate the same message. Only then will granting the privilege of access no longer be such a gamble. ■

McAdams is a freelance writer in Vienna, Va. You can contact her at JMTechWriter@aol.com.




Scammers,  social 
networks  and  illegal 
downloads  threaten 
your  front-line  defense. 

By  Stacy  Collett 


the front line of communication with customers and guests, which often makes them the first targets for hackers and saboteurs looking for company information.

Often young business neophytes, receptionists can be eager to show their competence, and they might inadvertently supply too much information to a persistent caller or visitor. They might also stave off boredom by checking their personal e-mail or surfing the Web. Here’s what they need to know.

1  DON'T  TRUST  STRANGERS. 

Social  engineering  scams  —  where 


bases, as well as to sensitive customer information, should be restricted. Receptionists should also be trained with real-world scenarios to learn how to respond to information requests.


2  SOCIAL  NETWORKING  SITES 
CAN  HOLD  DANGERS. 

browsing their Facebook or MySpace accounts, watching an online video or downloading music. But malicious code can now be hidden in video streams, downloaded from YouTube or embedded in songs streamed from social-networking Web sites.

What’s more, Web users often have no control over the audio or video they browse. “You can embed these media types directly into Web pages,” said David Thiel, a consultant at iSec Partners Inc., an applications security consulting company in San Francisco, in a February webcast. “So for anybody who browses to a Web page, a lot of different media file types are launched automatically as background music or embedded video” without the user clicking on anything.

IT’s response: Install a filtering proxy. IT departments can block access to social networking sites completely with firewall software. “But if you want to be more liberal and allow [access], use a filtering proxy to check what’s coming across and get rid of the known nasty stuff,” says Avishai Wool, chief technology officer at Algorithmic Security Inc., a firewall management company in Reston, Va. “You could also include mail filters on incoming


opening  itself  up  to  legal  problems  by 
hosting  the  content  on  their  servers 
—  even  inadvertently." 

On the IT side, peer-to-peer products are resource hogs and can easily drain significant chunks of bandwidth meant for company business. The adware they distribute can bombard systems with advertisements and pop-ups, hijack Web browsers and even slow computers to a grinding halt.

» IT’s response: Block access and train employees. IT staffs are almost uniformly against using P2P services, and they take measures to block access to them. Individual employees should be aware that company policies prohibit viewing or downloading pirated or indecent material.

4  KEEP  YOUR  PERSONAL  E-MAIL 
ACCOUNT  PERSONAL. 

Receptionists who access their personal Yahoo, Hotmail or Gmail accounts at work open up the network to potential malware attacks. What’s more, they may be violating the company’s compliance requirements.

At  regulated  companies,  sending 
company  files  to  a  home  computer 
could  violate  corporate  guidelines.  “If 
the  file  that  you  sent  to  yourself  goes 
through  [the  Web  mail  provider’s] 
network,  then  they  have  a  copy  of  what 
you  sent,  and  they  don’t  throw  it  away 
—  so  you  personally  lose  control  of 
that  information,"  Wool  says. 

» IT’s response: Block access to known personal e-mail providers and train employees.


STAFF SHOULD KNOW

Just  one  step  from  the  executive  is 
a  worker  who  often  has  high-level 
data  access.  By  Stacy  Collett 


ADMINISTRATIVE staffers may not have their fingers on the pulse of business-critical operations, but they do get their hands on a lot of sensitive company information.

Executives often grant administrative assistants and record-keepers access to strategic data and correspondence to make their own lives easier. As a result, these well-meaning assistants are often targets of hackers, scammers and even espionage.


That  information  can  include  how  to 
access  systems,  customer  information 
or  any  variety  of  data. 

“There’s a lot of turnover in these positions, and generally it’s a younger workforce,” he says. “The inexperienced workforce is more prone to fall prey to pretexters.”

» IT’s response: Beaver advises companies to train staffers on how to properly screen calls. Establish policies on what information they can or can’t release, and retrain them with real-world examples on a regular basis.

2  ADMINISTRATIVE  STAFFERS 
CAN  BE  ESPIONAGE  TARGETS. 


DON’T ACCEPT GIFTS
FROM STRANGERS.

Most administrative staffers are happy to pick up a few free items at a conference or trade show. But those disks and memory sticks can come loaded with software that could disrupt your systems.

» IT’s response: Set a policy discouraging employees from bringing these items to work. “If somebody gives you a free CD or DVD,” even at a trade show or business conference, “don’t plug it into your work computer,” Wool says. “Definitely don’t plug in USB sticks,” because they can contain software that can launch automatically, he adds.

4 IF YOU WANT TO MOVE UP THE
CORPORATE LADDER, KEEP
YOUR RECORD CLEAN.

When administrative assistants are hired, the position might not call for a criminal or financial background check. But as they move up the corporate ladder, a clean record becomes more important.




3 Facilities GROUP SHOULD KNOW

These workers literally hold the keys to your company’s physical security.

By Julia King

THERE ARE two facts


of  cyber-counterintelligence  at  the  U.S. 
National  Reconnaissance  Office. 

» IT’s response: Security training “should aim to get employees invested in the idea that they need to be curious,” Theis says. “If you see someone you don’t recognize, ask them who they are.”

Darryl Lemecha, CIO at Vertafore Inc., provides the company’s security guards and janitorial and building staffs with a list of names and photographs of outside service workers, such as delivery and cleaning people who are authorized to enter the building.

2  BEWARE  BIG  RISKS  IN 
SMALL  PACKAGES. 

Incoming letters and packages can easily be tampered with en route, but they are rarely inspected closely upon arriving at a company’s mail facility. This can cause big problems, especially for companies like Vertafore, which


STAFF  SHOULD  KNOW 

Your  telecommuters 
are  out  there  in  the 
ether,  along  with  all 
your  company  data. 

By  Julia  King 

NO MATTER their


ers  can  carry  in  their  wallets.  Every 
month,  a  half-page  security  bulletin 
goes  out  via  e-mail  that  addresses  a 
new  security  topic  and  offers  three  to 
five  tips  on  how  to  recognize  a  threat 
and  prevent  it. 

Keep  these  three  things  in  mind 
when  considering  potential  threats  at 
your  company. 

1  DON'T  ASSUME  ALL 
IS  AS  IT  SHOULD  BE. 

If a person is wearing a badge, most employees assume that he is authorized to be there. But crafting a coun-


means anyone who has ever worked in that building can still enter areas that should be off-limits to them.

“The building I’m in has a code on the elevator, and the code hasn’t changed since we moved in three years ago,” says Chris Blake, workstation administrator at The Benchmark Group. “Everyone who has ever been in this building knows the code, but the building owner has been reluctant to let us change it.”

» IT’s response: Have a regular schedule for changing access codes to secured areas. Also, when employees


people working from hotel rooms, airport gate areas, customer sites and Starbucks shops. These are the people who cause security managers to lose the most sleep.

1  BE  AWARE  THAT  ALMOST 
EVERY  DATA  DECISION  HAS 
A  SECURITY  IMPLICATION. 

Security awareness training typically occurs on an annual basis, yet remote users make hundreds of security choices every week in the course of their work, says Carol Suchit-Hudson, director of citywide security for the New York m


2  YOUR  CHILDREN  AREN'T 
AFRAID  TO  DOWNLOAD. 

“Mom,  can  I  use  your  computer  to 
check  online  for  my  homework?” 

Answering  “yes"  to  this  question 
—  as  many  parents  do  —  can  open 
the  gates  to  security  hell,  experts  say. 
“Letting  kids  and  others  download 


Regularly  monitor  users'  hard  drives. 

3 BE A RESPONSIBLE
GADGET GEEK.

BlackBerries, flash drives, mobile phones and handhelds frequently contain critical corporate data, yet most users treat these relatively low-cost devices far more casually than laptops.

» IT’s response: “Our rule is, if we don’t own it, you don’t plug it into our


“Dumpster diving remains a common way for thieves to get information,” he says. “People have become quite accustomed to shredding at work, but there are still individuals who work from home who are without a shredder.”

» IT’s response: Shredders for all. And they should be cross-cut shredders, so thieves can’t piece back together documents that have been torn in only one direction. ■




Con artists make it their job to extract sensitive corporate intelligence from unsuspecting employees. Here’s how

CORPORATIONS are woefully unprepared to counter attempts at corporate espionage, say experts who perform vulnerability assessments designed to uncover security weaknesses. U.S. corporations lose as much as $300 billion a year to hacking, cracking, physical security breaches and other criminal activity, according to Ira Winkler, author of Spies Among Us (Wiley, 2005) and president of the Internet Security Advisors Group, which performs espionage simulations and provides other services.

Although espionage is usually associated with high-tech approaches involving wireless security breaches and zombified PCs, low-tech tactics such as walking into a building are common, says Johnny Long, a security researcher at Computer Sciences Corp. and author of No-Tech Hacking (Syngress, 2008).

“To me, computers are irrelevant,” Winkler says. “It’s about what data do I want, what form does it take, and how can I steal it?”

Any company can be a target, says Peter Wood, chief of operations at First Base Technologies, a U.K.-based consultancy that performs ethical hacking services. Spies are interested in anything from financial data to intellectual property and customer data. They might steal information for blackmail purposes, but “the most common mo-




■  SPOTLIGHT  OPINION 

Mark  Hall 

Shhh!  Privacy, 
Please 


But Hill says it goes beyond mere PR gaffes. CIOs for global companies need

LIBRARIANS WILL go a long way to defend the privacy of their patrons’ reading habits. How far will you go to defend the privacy of your customers’ information and your employees’ personal data?

received an NSL

JUST BECAUSE THEY’RE REMOTE, IT DOESN’T MEAN THEY AREN’T ENGAGED.

Remote and home-based workers consistently were more likely to choose one of the two most positive answers (typically “strongly agree” or “agree”) when presented with these statements:

I am not seriously considering leaving my company within 12 months.
Office: 46%. Remote and home-based: 53.2%.

Considering everything, I am satisfied with my company as a place to work.
Office: 63.6%. Remote and home-based: 73%.

I am proud to tell people I work for my company.
Office: 63.5%. Remote and home-based: 70.4%.

I have confidence in the future of my company.
Office: 63.8%. Remote and home-based: 7ai%.

I would gladly refer a friend.
Office: 55.4%. Remote and home-based: 62.3%.

My company supports employees’ efforts to balance work and family/personal responsibilities.
Office: 56.7%. Remote and home-based: 62.6%.

Management shows concern for the well-being and morale of team members.
Office: 46.9%. Remote and home-based: 56.2%.

Senior management demonstrates that employees are important to the success of the company.
Office: 50.7%. Remote and home-based: S6JZ%.

Senior management gives employees a clear picture of the direction the company is headed in.
Office: 48.6%. Remote and home-based: 54.1%.

When my company’s senior management says something, you can believe it’s true.
Office: 44.3%. Remote and home-based: 52.0%.

In my company, there is open, honest, two-way communication.
Office: 43.5%. Remote and home-based: 53.9%.

My manager does a good job at “people management.”
Office: 56%. Remote and home-based: 64J%.

My manager treats people fairly.
Office: 87.1%. Remote and home-based: 73.8%.

My manager gives me useful feedback on how I’m doing my job.
Office: 60.4%. Remote and home-based: 667%.
■ ASK A PREMIER 100 IT LEADER

Scott Penberthy

The chief technology officer at Heavy Inc. responds to questions, offering thoughts about trust and the issue of youth vs. experience.

tant skills for an IT professional to have to advance his career? Be someone people can trust to get a job done - and done well. Trust is something that takes months and years to build, but seconds to destroy. Begin with the little things at work. If you say you’re going to call, call. If you see someone in the hall and mention you’ll send an e-mail, send it. When asked to get something done, ask what date they need it, then determine a day you can reasonably accomplish the task. If the date is unreasonable, say so and offer an alternative. Then deliver. Hit your date. Trust is not about being nice and agreeing to do everything as asked. In fact, it can mean getting in people’s faces, when warranted, to figure out the right answer for your company. Bring bad news up quickly, and don’t hide it. Your colleagues, boss, partners and customers will learn to trust that you’ll do as you say. They’ll see you can practice your art of IT in delivering a solid solution, in time. That lets them do their jobs reliably.

A year ago, I received a bachelor’s degree in computer science, and now I am one semester away from getting an MBA. My problem is age. I am in my mid-50s, and I find there are very few, if any, companies willing to hire someone in my age group. The lone interview I have had was with a large utility company, and as I left, the HR representative commented that they were looking for someone younger with no corporate experience. Do I have a

puter field, or am I doomed

crete as I did after being discharged from the Navy

If you see yourself as doomed to shovel

te, that’s what you’ll do. If you see people as reluctant to hire you because of your age, that’s what you’ll experience. We get what we expect.

Change your perspective. Focus on what you want to do, where you want to go. You offer what young college graduates cannot. You combine an experience rich with teamwork, organizational behavior,

ness management - all topped with the latest in computer science technology.

The HR person you met sounds like a loser. Don’t let the losers pull you down. Instead, package all you have to offer, attack the opportunities with the vigor of youth, and expect to beat others hands down. Guess what - it works.




Shark Tank

TRUE TALES OF IT LIFE AS TOLD TO SHARKY

Just One Thing

Consultant pilot fish gets a panicked call from a client: “Everything was working fine. We went into a meeting, and

connecting his laptop directly

“Oh yeah, I did do something

connected a wire to a jack.”

rest of the story: Going into the conference room for the meeting, the client noticed an

client decided the logical place to plug in the cable was an unused network port on the back of the VoIP phone. “Not only did it create a loop in the data network, it looped the voice

Sure There’s a Reason: It Won’t Work

Trouble ticket comes to this pilot fish at a university computing center: “There is a problem with the code used in changing passwords. The password standard states: ‘Password Composition and Complexity: At least one numeric that is not at the

change my password to on

and a number at the end. I got the following error message: ‘Error: Could not complete request. Password may not end with a number.’ There is no reason not to end a password with a number so long as there is also an internal number. This appears to be an

dard into code.”

Aha!

Support pilot fish investigates a user’s problem: She has dual screens and complains that the mouse won’t move between them. “User has a laptop with an external

screens showed the lovely tulip wallpaper she had selected, so the video card was set to extended desktop. But when I tried to go from the laptop to the external monitor, the mouse stopped

e away from the ‘stuck’ edge and continued to the right. The mouse icon magically went off the screen, all the way around the world, and showed up on the ‘left’

n’s left edge. Apparently, the user thought the laptop

screen. Then the user said, ‘I don’t understand why it suddenly stopped working. All I did was put the monitor over on the other side.’

monitor to the other side.”

■ Sharky knows you’ve got a true tale of IT life to tell. Move it in my direction: sharky@computerworld.com. You’ll score a sharp Shark shirt if I use it.


■ FRANKLY SPEAKING

Frank Hayes

Security Team

HOW MANY people do you have working to protect your data, systems and networks? Go ahead, count ’em up. We’ll wait. Finished? Here’s the bad news: Unless you’ve just counted every person in your organization — not your IT department, but your entire enterprise — it’s not enough.


men  secumy 
wasn’t  enough  the 
certainly  not  enou 


always be cut. And they represent hundreds or thousands of eyes and

they’ll do it. They’ll be glad to. Not because it’s in their job descriptions,

But that’s not enough.

Look, we’ve all inherited our ideas about IT security from a simpler time. The data was in the glass house. We guarded it. Simple, no?

No. It wasn’t that simple. It wasn’t enough then, either. Information was all over the organization, in reports and notebooks, filing cabinets and desk drawers. Crooks and spies and hackers wormed their way in and walked away with critical information, even if they never got near the data center.

your organization isn’t the

Your fellow employees may be a security problem, but they’re not intent on destroying their jobs. Not most of them, anyhow. They’re only a problem because they

■ All employees have a part to play - a major part, one that in aggregate dwarfs what the IT security pros can do.

It’s in every employee’s interest to protect those assets — every employee except for the few crooks, spies and hackers on the

And except for those internal threats, it’s not hard to get people to understand that IT security is in their interest. And that they have a part to play — a major part, one that in aggregate dwarfs what the IT security pros

there — in greater numbers, with more sophistication and variety, and delivering orders of magnitude more attacks against you. To beat them, you need all the help you

columnist. Contact him at frank_hayes@computerworld.com.




